diff --git a/ci-operator/config/openshift/installer/openshift-installer-master.yaml b/ci-operator/config/openshift/installer/openshift-installer-master.yaml index a56306fa7d1da..f34f437fea4e5 100644 --- a/ci-operator/config/openshift/installer/openshift-installer-master.yaml +++ b/ci-operator/config/openshift/installer/openshift-installer-master.yaml @@ -225,6 +225,10 @@ tests: steps: cluster_profile: aws workflow: openshift-e2e-aws-sharednetwork +- as: e2e-aws-byo-hostedzone + steps: + cluster_profile: aws + workflow: openshift-e2e-aws-byohostedzone - as: e2e-gcp steps: cluster_profile: gcp diff --git a/ci-operator/jobs/openshift/installer/openshift-installer-master-presubmits.yaml b/ci-operator/jobs/openshift/installer/openshift-installer-master-presubmits.yaml index 4ca76207fe816..f9d7e229a976f 100644 --- a/ci-operator/jobs/openshift/installer/openshift-installer-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/installer/openshift-installer-master-presubmits.yaml @@ -65,6 +65,71 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - master + cluster: build01 + context: ci/prow/e2e-aws-byo-hostedzone + decorate: true + labels: + ci-operator.openshift.io/prowgen-controlled: "true" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-installer-master-e2e-aws-byo-hostedzone + optional: true + rerun_command: /test e2e-aws-byo-hostedzone + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/usr/local/e2e-aws-byo-hostedzone-cluster-profile + - --target=e2e-aws-byo-hostedzone + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /usr/local/e2e-aws-byo-hostedzone-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: cluster-profile + projected: + sources: + - secret: + name: cluster-secrets-aws + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-byo-hostedzone,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/step-registry/ipi/aws/post/byohostedzone/OWNERS b/ci-operator/step-registry/ipi/aws/post/byohostedzone/OWNERS new file mode 100644 index 0000000000000..f14198cff70e7 --- /dev/null +++ b/ci-operator/step-registry/ipi/aws/post/byohostedzone/OWNERS @@ -0,0 +1,11 @@ +approvers: +- smarterclayton +- wking +- stevekuznetsov +- vrutkovs +- abhinavdahiya +- deads2k +- crawford +- ewolinetz +- csrwng +- staebler diff --git a/ci-operator/step-registry/ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.metadata.json b/ci-operator/step-registry/ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.metadata.json new file mode 100644 index 0000000000000..ce56910c91745 --- /dev/null +++ b/ci-operator/step-registry/ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.metadata.json @@ -0,0 +1,17 @@ +{ + "path": "ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.yaml", + "owners": { + "approvers": [ + "smarterclayton", + "wking", + "stevekuznetsov", + "vrutkovs", + "abhinavdahiya", + "deads2k", + "crawford", + "ewolinetz", + "csrwng", + "staebler" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.yaml b/ci-operator/step-registry/ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.yaml new file mode 100644 index 0000000000000..ab4cb80d2b1af --- /dev/null +++ b/ci-operator/step-registry/ipi/aws/post/byohostedzone/ipi-aws-post-byohostedzone-chain.yaml @@ -0,0 +1,7 @@ +chain: + as: ipi-aws-post-byohostedzone + steps: + - ref: ipi-deprovision-aws-byohostedzone + - ref: ipi-deprovision-aws-sharednetwork + documentation: |- + The IPI post step contains the steps for cleaning up the AWS resources created for the BYO private hosted zone. diff --git a/ci-operator/step-registry/ipi/aws/pre/byohostedzone/OWNERS b/ci-operator/step-registry/ipi/aws/pre/byohostedzone/OWNERS new file mode 100644 index 0000000000000..18848fbb68a8f --- /dev/null +++ b/ci-operator/step-registry/ipi/aws/pre/byohostedzone/OWNERS @@ -0,0 +1,10 @@ +approvers: +- smarterclayton +- wking +- vrutkovs +- abhinavdahiya +- deads2k +- crawford +- ewolinetz +- csrwng +- staebler diff --git a/ci-operator/step-registry/ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.metadata.json b/ci-operator/step-registry/ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.metadata.json new file mode 100644 index 0000000000000..7e72764097672 --- /dev/null +++ b/ci-operator/step-registry/ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.metadata.json @@ -0,0 +1,16 @@ +{ + "path": "ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.yaml", + "owners": { + "approvers": [ + "smarterclayton", + "wking", + "vrutkovs", + "abhinavdahiya", + "deads2k", + "crawford", + "ewolinetz", + "csrwng", + "staebler" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.yaml b/ci-operator/step-registry/ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.yaml new file mode 100644 index 0000000000000..7fbe4980590ad --- /dev/null +++ b/ci-operator/step-registry/ipi/aws/pre/byohostedzone/ipi-aws-pre-byohostedzone-chain.yaml @@ -0,0 +1,8 @@ +chain: + as: ipi-aws-pre-byohostedzone + steps: + - chain: ipi-conf-aws-byohostedzone + - chain: ipi-install + documentation: |- + The IPI setup step contains all steps that provision an OpenShift cluster + using a BYO private hostedzone on AWS. diff --git a/ci-operator/step-registry/ipi/conf/aws/byohostedzone/OWNERS b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/OWNERS new file mode 100644 index 0000000000000..18848fbb68a8f --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/OWNERS @@ -0,0 +1,10 @@ +approvers: +- smarterclayton +- wking +- vrutkovs +- abhinavdahiya +- deads2k +- crawford +- ewolinetz +- csrwng +- staebler diff --git a/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.metadata.json b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.metadata.json new file mode 100644 index 0000000000000..310eb12fac797 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.metadata.json @@ -0,0 +1,16 @@ +{ + "path": "ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.yaml", + "owners": { + "approvers": [ + "smarterclayton", + "wking", + "vrutkovs", + "abhinavdahiya", + "deads2k", + "crawford", + "ewolinetz", + "csrwng", + "staebler" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.yaml b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.yaml new file mode 100644 index 0000000000000..7d0ef80ff8e26 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-chain.yaml @@ -0,0 +1,7 @@ +chain: + as: ipi-conf-aws-byohostedzone + steps: + - chain: ipi-conf-aws-sharednetwork + - ref: ipi-conf-aws-byohostedzone + documentation: |- + The IPI configure step chain configures an AWS IPI install to use a BYO private hostedzone. diff --git a/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-commands.sh b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-commands.sh new file mode 100755 index 0000000000000..249361e9126a3 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-commands.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +# TODO: move to image +pip3 install --user yq +export PATH=~/.local/bin:$PATH + +export AWS_SHARED_CREDENTIALS_FILE=$CLUSTER_PROFILE_DIR/.awscred + +EXPIRATION_DATE=$(date -d '4 hours' --iso=minutes --utc) +TAGS="Key=expirationDate,Value=${EXPIRATION_DATE}" + +CONFIG="${SHARED_DIR}/install-config.yaml" + +REGION="${LEASED_RESOURCE}" + +STACK_NAME=$(cat "${SHARED_DIR}/sharednetworkstackname") + +vpc_id="$(aws --region "${REGION}" cloudformation describe-stacks --stack-name "${STACK_NAME}" | jq -c '.Stacks[].Outputs[] | select(.OutputKey=="VpcId") | .OutputValue')" +echo "Using vpc_id: ${vpc_id}" + +cluster_domain=$(yq -r '.metadata.name + "." + .baseDomain' "${CONFIG}") +hosted_zone="$(aws route53 create-hosted-zone \ + --name "${cluster_domain}" \ + --vpc VPCRegion="${REGION}",VPCId="${vpc_id}" \ + --caller-reference "${cluster_domain}-$(date +"%Y-%m-%d-%H-%M-%S")" \ + --hosted-zone-config Comment="BYO hosted zone for ${cluster_domain}",PrivateZone=true | + jq -r '.HostedZone.Id' | \ + sed -E 's|^/hostedzone/(.+)$|\1|' \ + )" +echo "Using hosted zone: ${hosted_zone}" + +# save hostedzone name to ${SHARED_DIR} for deprovision step +echo "${hosted_zone}" >> "${SHARED_DIR}/byohostedzonename" + +aws route53 change-tags-for-resource \ + --resource-type hostedzone \ + --resource-id "${hosted_zone}" \ + --add-tags "${TAGS}" + +<"${CONFIG}" yq -y --arg zone "${hosted_zone}" '.platform.aws.hostedZone=$zone' > "${CONFIG}.patched" +mv "${CONFIG}.patched" "${CONFIG}" diff --git a/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.metadata.json b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.metadata.json new file mode 100644 index 0000000000000..f5c8d694ee9b3 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.metadata.json @@ -0,0 +1,16 @@ +{ + "path": "ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.yaml", + "owners": { + "approvers": [ + "smarterclayton", + "wking", + "vrutkovs", + "abhinavdahiya", + "deads2k", + "crawford", + "ewolinetz", + "csrwng", + "staebler" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.yaml b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.yaml new file mode 100644 index 0000000000000..f97256fda312b --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/aws/byohostedzone/ipi-conf-aws-byohostedzone-ref.yaml @@ -0,0 +1,13 @@ +ref: + as: ipi-conf-aws-byohostedzone + from_image: + namespace: ocp + name: "4.8" + tag: upi-installer + commands: ipi-conf-aws-byohostedzone-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + documentation: |- + This step creates a private hostedzone associated with the VPC created in the sharednetwork step and updates the install-config.yaml to use the hostedzone. diff --git a/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/OWNERS b/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/OWNERS new file mode 100644 index 0000000000000..8aa379218b2a3 --- /dev/null +++ b/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/OWNERS @@ -0,0 +1,8 @@ +approvers: +- e-tienne +- ewolinetz +- jhixson74 +- jstuever +- patrickdillon +- staebler +- wking \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-commands.sh b/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-commands.sh new file mode 100644 index 0000000000000..e7ef7108ac4f7 --- /dev/null +++ b/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-commands.sh @@ -0,0 +1,14 @@ +#!/bin/bash +set -o nounset +set -o errexit +set -o pipefail + +trap 'CHILDREN=$(jobs -p); if test -n "${CHILDREN}"; then kill ${CHILDREN} && wait; fi' TERM + +export AWS_SHARED_CREDENTIALS_FILE="${CLUSTER_PROFILE_DIR}/.awscred" + +hosted_zone="$(cat "${SHARED_DIR}/byohostedzonename")" +echo "Deleting hostedzone ${hosted_zone}" + +aws route53 delete-hostedzone --id "${hosted_zone}" +echo "${hosted_zone} deleted" \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.metadata.json b/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.metadata.json new file mode 100644 index 0000000000000..77419032c5d7b --- /dev/null +++ b/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.metadata.json @@ -0,0 +1,14 @@ +{ + "path": "ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.yaml", + "owners": { + "approvers": [ + "e-tienne", + "ewolinetz", + "jhixson74", + "jstuever", + "patrickdillon", + "staebler", + "wking" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.yaml b/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.yaml new file mode 100644 index 0000000000000..d702973730fc7 --- /dev/null +++ b/ci-operator/step-registry/ipi/deprovision/aws/byohostedzone/ipi-deprovision-aws-byohostedzone-ref.yaml @@ -0,0 +1,14 @@ +ref: + as: ipi-deprovision-aws-byohostedzone + from_image: + namespace: ocp + name: "4.8" + tag: upi-installer + grace_period: 10m + commands: ipi-deprovision-aws-byohostedzone-commands.sh + resources: + requests: + cpu: 300m + memory: 300Mi + documentation: |- + The deprovision step tears down the BYO private hostedzone. diff --git a/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/OWNERS b/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/OWNERS new file mode 100644 index 0000000000000..18848fbb68a8f --- /dev/null +++ b/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/OWNERS @@ -0,0 +1,10 @@ +approvers: +- smarterclayton +- wking +- vrutkovs +- abhinavdahiya +- deads2k +- crawford +- ewolinetz +- csrwng +- staebler diff --git a/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.metadata.json b/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.metadata.json new file mode 100644 index 0000000000000..17af0158ee4fc --- /dev/null +++ b/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.metadata.json @@ -0,0 +1,16 @@ +{ + "path": "openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.yaml", + "owners": { + "approvers": [ + "smarterclayton", + "wking", + "vrutkovs", + "abhinavdahiya", + "deads2k", + "crawford", + "ewolinetz", + "csrwng", + "staebler" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.yaml b/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.yaml new file mode 100644 index 0000000000000..9e9807f7b09c9 --- /dev/null +++ b/ci-operator/step-registry/openshift/e2e/aws/byohostedzone/openshift-e2e-aws-byohostedzone-workflow.yaml @@ -0,0 +1,12 @@ +workflow: + as: openshift-e2e-aws-byohostedzone + steps: + pre: + - chain: ipi-aws-pre-byohostedzone + test: + - ref: openshift-e2e-test + post: + - chain: ipi-aws-post + - chain: ipi-aws-post-byohostedzone + documentation: |- + The Openshift E2E AWS workflow executes the common end-to-end test suite on AWS in a cluster using a BYO private hostedzone.